[TriLUG] The buck stops here (unfortunately)
rwshep2000.2725323 at bloglines.com
rwshep2000.2725323 at bloglines.com
Thu Nov 11 13:38:59 EST 2004
Hi Jason,
To clarify what I mean by "small" company, I mean approx 40 email
users. They maintain their own passwords in an enterprise application, from
which LDAP grabs updates via a perl script. It is nice that they can change
their own passwords one place to affect all systems, and don't need to tell
IS when they've done so. I see merit in keeping that, but I agree with you
that the whole thing may be overkill, especially since those same users have
to go back and manually change their email client settings after the script
runs (and suddenly they find they can't get or send mail).
Bob S.
---
Triangle Linux Users Group discussion list <trilug at trilug.org wrote:
we recently
deployed a server very similar to what you are thinking about
> moving to
(postfix w/ smtp-auth, virt users w/ mysql, courier-imap/pop,
> tls or ssl
all around, apache and squirrelmail, shorewall, etc). we did
> it on mandrake
instead of debian though. took a while to get everything
> working but no
major headaches.
>
> imo, unless you have lots of users or are hosting
lots of virtual domains,
> both ldap and mysql are overkill. for a small
company with (presumably) a
> small number of domains, using regular user
accounts is a lot easier, just
> take away shell access for security (that's
how i set up my business
> server). having said that, i suspect that sql
is a bit easier to wrap
> your head around than ldap, especially if you're
just using it for mail,
> and is probably easier to customize.
>
> feel
free to contact me offline if you would like assistance with your
> project.
>
> jason
>
> > I am an apps developer for a small company, and I happen
to also be the
> > manager
> > of our IS department, deservingly or not.
I am faced with a fairly
> > important
> > decision about our email, and
being a relative Linux newbie, I feel
> > unqualified
> > to make it without
some additional assistance.
> >
> > My sys-admin, god love him,
> > a F/OSS
guru, keeps me on my toes. The current proposal is to change our
> > email
server as follows:
> >
> > from:
> >
> > RedHat Linux 7.3
> > Open LDAP
(accounts
> > & passwords updated daily via a script)
> > procmail
> >
postfix-tls
> >
> > SpamAssassin
> >
> > Shorewall
> > Webmail: Apache
+ Neomail
> >
> > To:
> >
> > Debian Testing
> > MySQL 4.0
> > (accounts
and passwords updated via SQL)
> > Courier-IMAP-SSL
> > Courier-POP-SSL
> >
> > postfix-tls
> > postfix-mysql
> > Webmail: Apache + SquirrelMail
> >
> > His rationale...
> >
> >
> > "I want to replace OpenLDAP with
MySQL for the accounts. Making SQL
> > queries
> > will be more intuitive
for both of us, vastly increasing the amount of
> > control
> > we may exercise
over the system."
> >
> > "The reason I want to use certs is, simply,
>
> to make my life easier on the mail server. Our current SMTP AUTH process
> > uses SASL ("Simple Authentication and Security Library", although there's
> > little simple about it). "
> >
> > My initial reaction is, if it ain't
broke why
> > fix it. But if this is a better solution, then I'm willing
to approve it.
> >
> >
> > Your thoughts?
> >
> > Bob Shepher
> > --
> > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ : http://trilug.org/faq/
> > TriLUG Member
Services FAQ : http://members.trilug.org/services_faq/
> > TriLUG PGP Keyring
: http://trilug.org/~chrish/trilug.asc
> >
> >
>
> --
> TriLUG
mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG
Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ
: http://members.trilug.org/services_faq/
> TriLUG PGP Keyring :
http://trilug.org/~chrish/trilug.asc
>
More information about the TriLUG
mailing list